Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
No build reason found for SLE-Module-HPC:aarch64
home:dirkmueller:acdc:sp5-rebuild
dovecot23.12668
0001-lib-managesieve-Don-t-accept-strings-with-...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-lib-managesieve-Don-t-accept-strings-with-NULs.patch of Package dovecot23.12668
From 7ce9990a5e6ba59e89b7fe1c07f574279aed922c Mon Sep 17 00:00:00 2001 From: Timo Sirainen <timo.sirainen@open-xchange.com> Date: Fri, 10 May 2019 19:43:55 +0300 Subject: [PATCH 1/2] lib-managesieve: Don't accept strings with NULs ManageSieve doesn't allow NULs in strings. This fixes a bug with unescaping a string with NULs: str_unescape() could have been called for memory that points outside the allocated string, causing heap corruption. This could cause crashes or theoretically even result in remote code execution exploit. Found by Nick Roessler and Rafi Rubin --- src/lib-managesieve/managesieve-parser.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git dovecot-2.3-pigeonhole-0.5.3/src/lib-managesieve/managesieve-parser.c dovecot-2.3-pigeonhole-0.5.3/src/lib-managesieve/managesieve-parser.c index d3eb2101..f5f9d323 100644 --- dovecot-2.3-pigeonhole-0.5.3/src/lib-managesieve/managesieve-parser.c +++ dovecot-2.3-pigeonhole-0.5.3/src/lib-managesieve/managesieve-parser.c @@ -258,6 +258,11 @@ managesieve_parser_read_string(struct managesieve_parser *parser, break; } + if (data[i] == '\0') { + parser->error = "NULs not allowed in strings"; + return FALSE; + } + if (data[i] == '\\') { if (i+1 == data_size) { /* known data ends with '\' - leave it to -- 2.16.4
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor